2839 matches found
LG Mobile Security Breach
LG mobile is a series of mobile device products from South Korea's Luckin LG. A security vulnerability exists in LG Mobile. An attacker could use this vulnerability to change the file access mode to globally readable and globally writable...
PT-2023-24653 · Spring · Spring Security
Name of the Vulnerable Software and Affected Versions: Spring Security versions prior to 5.8.7 Spring Security versions prior to 6.0.7 Spring Security versions prior to 6.1.4 Spring Security versions prior to 6.2.0-M1 Description: The spring-security.xsd file inside the spring-security-config jar...
CVE-2023-35845
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...
CVE-2023-35845
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...
Code injection
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...
PT-2023-6499 · Anaconda · Miniconda +1
Name of the Vulnerable Software and Affected Versions: Anaconda 3 versions 2023.03-1-Linux Miniconda version not specified Description: The issue allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many...
CVE-2023-35845
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...
CVE-2023-25600
An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016...
SUSE CVE-2023-4052
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction a form of symbolic link to allow...
SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:3163-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3163-1 advisory. This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR...
CVE-2023-4052
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction a form of symbolic link to allow...
UBUNTU-CVE-2023-4052
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction a form of symbolic link to allow...
CVE-2023-3321 Code Execution through Writable Mosquitto Configuration File
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...
CVE-2023-31462
An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges...
Code injection
An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges...
SteelSeries GG 安全漏洞
SteelSeries GG is an all-in-one gaming platform from Danish company SteelSeries. It bundles powerful gaming applications into one easy-to-use interface. SteelSeries GG version 36.0.0 contains a security vulnerability that can be exploited by an attacker to change values in an unencrypted database...
PT-2023-23344 · Steelseries · Steelseries Gg
Name of the Vulnerable Software and Affected Versions: SteelSeries GG version 36.0.0 Description: An issue allows an attacker to change values in an unencrypted database that is writable for all users on the computer. This can trigger code execution with higher privileges. Recommendations: For...
SUSE CVE-2023-30571
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archivewritediskposix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...
Important: runc
Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...